While our primary focus is in development of information security related free software, information security research, publications, and community activities aimed at making existing free software safer to use, we also offer a number of services as a means to try to fund said non-commercial activities.
The services include:
Free software development.
You may request further work on a particular project we have, request a particular feature you may be interested in, request a certain bit of work on third-party free software, or request an entirely new piece of free software to be developed. Of course, the resulting software will remain free and available to everyone, not just you. This is one thing which helps us keep your costs down.
Source code reviews for security vulnerabilities.
You distribute a software product? Offer an (online) service using custom software (such as scripts producing dynamic content on your website)? Intend to use a piece of third-party software for a sensitive task? We have the experience necessary to review the overall design of the software from a security standpoint, conduct comprehensive source code audits for known classes of vulnerabilities, review the use and implementation of cryptographic techniques and the design and implementation of custom communication protocols (if applicable). We will provide you (or your development team) with information on how to deal with the issues found, or, in some cases, we may modify the software for you ourselves. We may just patch the very particular vulnerabilities in the code or, if it's free software and thus would benefit more than just you, re-code parts that are especially bad.
Remote information security consulting.
We may consult you or your IT staff on information security issues, in particular those related to network design, network equipment and server OS deployment and use. We may also help you define a security policy, or help investigate and deal with a particular security incident. With a long-term partnership, we may keep you informed on new security issues being discovered that affect your particular systems or network, help you do security policy enforcement, and handle incident response.
Our prices vary on a case by case basis. In general, free software development (which helps the community) is cheaper than consulting, and work with our own free software is cheaper than work with third-party software.
Whenever hourly billing is applicable, the pricing for our consulting services ranges from $150/hour to $250/hour (US dollars), with lower rates available for work on free software and/or with a long-term commitment. There's a three-hour minimum.
Please e-mail <services at openwall.com> for a price quote as well as to actually order a service and arrange payment.
If you're looking for technical support for our software, the proper contact e-mail addresses are given in the documentation for each software package. For general support or if you have difficulty locating a more specific address, please e-mail <needhelp at openwall.com>. We strive to provide excellent response time for those who have purchased a product or service from us (please be sure to include your order number or other identifying information).
However, please note that we do not provide password recovery services. Please do not bother contacting us with such requests. And no, JtR Pro is not a password recovery tool - rather, it is primarily a tool for systems administrators and security consultants to audit (large) user/password databases (containing password hashes) to identify weak passwords. The free JtR -jumbo includes some advanced end-user password recovery functionality (for local files only, not for remote accounts), but we do not provide support on it. That said, if you already got JtR working on your own and merely need to tune it to perform better in your specific case, then you may join the john-users mailing list and ask the friendly community in there.